CVE-2004-2320

EPSS 6.94%
Veröffentlicht 31.12.2004 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Version5.1 Editionexpress

Bea ≫ Weblogic Server Version5.1 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp1

Bea ≫ Weblogic Server Version5.1 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp1 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp10

Bea ≫ Weblogic Server Version5.1 Updatesp10 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp10 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp11

Bea ≫ Weblogic Server Version5.1 Updatesp11 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp11 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp12

Bea ≫ Weblogic Server Version5.1 Updatesp12 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp12 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp13

Bea ≫ Weblogic Server Version5.1 Updatesp13 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp13 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp2

Bea ≫ Weblogic Server Version5.1 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp2 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp3

Bea ≫ Weblogic Server Version5.1 Updatesp3 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp3 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp4

Bea ≫ Weblogic Server Version5.1 Updatesp4 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp4 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp5

Bea ≫ Weblogic Server Version5.1 Updatesp5 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp5 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp6

Bea ≫ Weblogic Server Version5.1 Updatesp6 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp6 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp7

Bea ≫ Weblogic Server Version5.1 Updatesp7 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp7 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp8

Bea ≫ Weblogic Server Version5.1 Updatesp8 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp8 Editionwin32

Bea ≫ Weblogic Server Version5.1 Updatesp9

Bea ≫ Weblogic Server Version5.1 Updatesp9 Editionexpress

Bea ≫ Weblogic Server Version5.1 Updatesp9 Editionwin32

Bea ≫ Weblogic Server Version6.1

Bea ≫ Weblogic Server Version6.1 Editionexpress

Bea ≫ Weblogic Server Version6.1 Editionwin32

Bea ≫ Weblogic Server Version6.1 Updatesp1

Bea ≫ Weblogic Server Version6.1 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp1 Editionwin32

Bea ≫ Weblogic Server Version6.1 Updatesp2

Bea ≫ Weblogic Server Version6.1 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp2 Editionwin32

Bea ≫ Weblogic Server Version6.1 Updatesp3

Bea ≫ Weblogic Server Version6.1 Updatesp3 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp3 Editionwin32

Bea ≫ Weblogic Server Version6.1 Updatesp4

Bea ≫ Weblogic Server Version6.1 Updatesp4 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp4 Editionwin32

Bea ≫ Weblogic Server Version6.1 Updatesp5

Bea ≫ Weblogic Server Version6.1 Updatesp5 Editionexpress

Bea ≫ Weblogic Server Version6.1 Updatesp5 Editionwin32

Bea ≫ Weblogic Server Version6.1 Updatesp6

Bea ≫ Weblogic Server Version6.1 Updatesp6 Editionwin32

Bea ≫ Weblogic Server Version7.0

Bea ≫ Weblogic Server Version7.0 Editionexpress

Bea ≫ Weblogic Server Version7.0 Editionwin32

Bea ≫ Weblogic Server Version7.0 Updatesp1

Bea ≫ Weblogic Server Version7.0 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp1 Editionwin32

Bea ≫ Weblogic Server Version7.0 Updatesp2

Bea ≫ Weblogic Server Version7.0 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp2 Editionwin32

Bea ≫ Weblogic Server Version7.0 Updatesp3

Bea ≫ Weblogic Server Version7.0 Updatesp3 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp3 Editionwin32

Bea ≫ Weblogic Server Version7.0 Updatesp4

Bea ≫ Weblogic Server Version7.0 Updatesp4 Editionexpress

Bea ≫ Weblogic Server Version7.0 Updatesp4 Editionwin32

Bea ≫ Weblogic Server Version8.1

Bea ≫ Weblogic Server Version8.1 Editionexpress

Bea ≫ Weblogic Server Version8.1 Editionwin32

Bea ≫ Weblogic Server Version8.1 Updatesp1

Bea ≫ Weblogic Server Version8.1 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp1 Editionwin32

Bea ≫ Weblogic Server Version8.1 Updatesp2

Bea ≫ Weblogic Server Version8.1 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp2 Editionwin32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.94%	0.91

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://dev2dev.bea.com/pub/advisory/68

Patch

Vendor Advisory

http://secunia.com/advisories/10726

Vendor Advisory

http://www.kb.cert.org/vuls/id/867593

Third Party Advisory

US Government Resource

http://www.osvdb.org/3726

http://www.securityfocus.com/bid/9506

Patch

http://www.securitytracker.com/alerts/2004/Jan/1008866.html

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/14959

https://nvd.nist.gov/vuln/detail/CVE-2004-2320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-2320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-2320

EUVD